Cisco IOS and XE Vulnerability Let Remote Attacker Bypass Authentication and Access Sensitive Data

A critical vulnerability in the implementation of the TACACS+ protocol for Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication controls or access sensitive data.

The flaw originates from the software’s failure to properly verify whether a required TACACS+ shared secret is configured, creating a window for machine-in-the-middle (MitM) attacks.

Cisco has released software updates to address the issue and has provided a workaround for immediate mitigation.

Authentication Bypass and Data Exposure

The core of this vulnerability lies in how affected devices handle TACACS+ authentication when a shared secret key is missing from the configuration.

An attacker positioned on the network between the Cisco device and the TACACS+ server can exploit this oversight in two primary ways. First, they can intercept TACACS+ messages, which would be unencrypted due to the missing secret, and read sensitive information contained within them.

Second, the attacker could impersonate the TACACS+ server and falsely approve any authentication request from the device. A successful exploit could grant the attacker complete, unauthorized access to the network device or expose confidential data.

This vulnerability was discovered internally during the resolution of a Cisco Technical Assistance Center (TAC) support case.

A Cisco device is only affected by this vulnerability if it is running a susceptible version of Cisco IOS or IOS XE Software and is configured to use TACACS+ without a shared secret defined for every server.

Administrators can determine their exposure by inspecting their device’s running configuration. Using command-line interface (CLI) commands such as show running-config | include tacacs, administrators can first confirm if TACACS+ is enabled.

If it is, they must then verify that a shared secret key is configured for every TACACS+ server entry. If any configured server is missing its associated key, the device is vulnerable to exploitation and requires immediate remediation.
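
The per-server key check described above can be scripted against a saved copy of the running configuration. The following is an added example, not code from Cisco or from the original article. The function name and the sample configuration are constructed for illustration, and it assumes that a global "tacacs-server key" line covers only legacy "tacacs-server host" entries, so named "tacacs server" blocks must each carry their own key.

```python
import re

# Constructed sample running-config for illustration (not from a real device).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
!
tacacs server TAC-A
 address ipv4 192.0.2.10
 key 7 <redacted>
!
tacacs server TAC-B
 address ipv4 192.0.2.11
 timeout 5
!
tacacs-server host 192.0.2.20
tacacs-server host 192.0.2.21 key 7 <redacted>
"""

def servers_missing_key(config):
    """Return TACACS+ server entries that have no shared secret configured."""
    blocks, legacy, global_key, block = {}, [], False, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith(" ") and block is not None:
            blocks[block].append(line.strip())   # sub-command of the current block
            continue
        block = None                             # any top-level line ends the block
        m = re.match(r"tacacs server (\S+)$", line)
        if m:
            block = m.group(1)
            blocks[block] = []
        elif re.match(r"tacacs-server key \S", line):
            global_key = True
        elif line.startswith("tacacs-server host "):
            legacy.append(line)
    # Named server blocks: flag any block without its own "key" sub-command.
    missing = [n for n, sub in blocks.items() if not any(s.startswith("key ") for s in sub)]
    # Assumption: a global key is treated as covering legacy host lines only.
    if not global_key:
        missing += [l.split()[2] for l in legacy if not re.search(r"\skey\s+\S", l)]
    return missing

if __name__ == "__main__":
    print(servers_missing_key(SAMPLE_CONFIG))
```

Any name or address returned is a server entry that needs a key added before the device can be considered mitigated under the workaround.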

Cisco has issued a security advisory detailing the vulnerability and has made fixed software releases available for affected products. The company strongly recommends that all customers upgrade to a patched version of IOS or IOS XE to permanently resolve the issue.

As a temporary solution, an effective workaround is available. Administrators can mitigate the vulnerability by ensuring that a shared secret key is properly configured for every TACACS+ server on their devices.

While this workaround prevents exploitation, Cisco considers it a temporary measure until the software can be upgraded.

The Cisco Product Security Incident Response Team (PSIRT) has stated that it is not aware of any public announcements or malicious use of this vulnerability in the wild.

About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.